/src/usr/local/www/system_authservers.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_authservers.php @ 33f0b0d5

1	fbf672cb	Matthew Grooms	<?php
2			/*
3	ce77a9c4	Phil Davis	system_authservers.php
4	fbf672cb	Matthew Grooms	*/
5	ac9d8bed	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			* Copyright (c) 2004, 2005 Scott Ullrich
8	df8fca9d	Stephen Beaver	* Copyright (c) 2008 Shrew Soft Inc.
9			* Copyright (c) 2010 Ermal Luçi
10	ac9d8bed	Stephen Beaver	*
11			* Redistribution and use in source and binary forms, with or without modification,
12			* are permitted provided that the following conditions are met:
13			*
14			* 1. Redistributions of source code must retain the above copyright notice,
15			* this list of conditions and the following disclaimer.
16			*
17			* 2. Redistributions in binary form must reproduce the above copyright
18			* notice, this list of conditions and the following disclaimer in
19			* the documentation and/or other materials provided with the
20			* distribution.
21			*
22			* 3. All advertising materials mentioning features or use of this software
23			* must display the following acknowledgment:
24			* "This product includes software developed by the pfSense Project
25			* for use in the pfSense software distribution. (http://www.pfsense.org/).
26			*
27			* 4. The names "pfSense" and "pfSense Project" must not be used to
28			* endorse or promote products derived from this software without
29			* prior written permission. For written permission, please contact
30			* coreteam@pfsense.org.
31			*
32			* 5. Products derived from this software may not be called "pfSense"
33			* nor may "pfSense" appear in their names without prior written
34			* permission of the Electric Sheep Fencing, LLC.
35			*
36			* 6. Redistributions of any form whatsoever must retain the following
37			* acknowledgment:
38			*
39			* "This product includes software developed by the pfSense Project
40			* for use in the pfSense software distribution (http://www.pfsense.org/).
41			*
42			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
43			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
45			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
46			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
47			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
48			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
49			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
51			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
52			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53			* OF THE POSSIBILITY OF SUCH DAMAGE.
54			*
55			* ====================================================================
56			*
57			*/
58	1d333258	Scott Ullrich	/*
59	ac9d8bed	Stephen Beaver	pfSense_MODULE: auth
60	1d333258	Scott Ullrich	*/
61	fbf672cb	Matthew Grooms
62			##\|+PRIV
63			##\|*IDENT=page-system-authservers
64			##\|*NAME=System: Authentication Servers
65			##\|*DESCR=Allow access to the 'System: Authentication Servers' page.
66			##\|MATCH=system_authservers.php
67			##\|-PRIV
68
69			require("guiconfig.inc");
70	acee624f	Ermal Lu?i	require_once("auth.inc");
71	fbf672cb	Matthew Grooms
72	257705ca	Renato Botelho	$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
73	d71fc5d3	jim-p	$shortcut_section = "authentication";
74	fbf672cb	Matthew Grooms
75	2ee8dea1	Phil Davis	if (is_numericint($_GET['id'])) {
76	e41ec584	Renato Botelho	$id = $_GET['id'];
77	2ee8dea1	Phil Davis	}
78			if (isset($_POST['id']) && is_numericint($_POST['id'])) {
79	fbf672cb	Matthew Grooms	$id = $_POST['id'];
80	2ee8dea1	Phil Davis	}
81	fbf672cb	Matthew Grooms
82	2ee8dea1	Phil Davis	if (!is_array($config['system']['authserver'])) {
83	fbf672cb	Matthew Grooms	$config['system']['authserver'] = array();
84	2ee8dea1	Phil Davis	}
85	fbf672cb	Matthew Grooms
86	6306b5dd	Ermal Lu?i	$a_servers = auth_get_authserver_list();
87	2ee8dea1	Phil Davis	foreach ($a_servers as $servers) {
88	6306b5dd	Ermal Lu?i	$a_server[] = $servers;
89	2ee8dea1	Phil Davis	}
90	fbf672cb	Matthew Grooms
91	2ee8dea1	Phil Davis	if (!is_array($config['ca'])) {
92	a0165602	Sjon Hortensius	$config['ca'] = array();
93	2ee8dea1	Phil Davis	}
94	fe2031ab	Ermal	$a_ca =& $config['ca'];
95
96	fbf672cb	Matthew Grooms	$act = $_GET['act'];
97	2ee8dea1	Phil Davis	if ($_POST['act']) {
98	fbf672cb	Matthew Grooms	$act = $_POST['act'];
99	2ee8dea1	Phil Davis	}
100	fbf672cb	Matthew Grooms
101			if ($act == "del") {
102
103			if (!$a_server[$_GET['id']]) {
104			pfSenseHeader("system_authservers.php");
105			exit;
106			}
107
108	9db6993f	jim-p	/* Remove server from main list. */
109	fbf672cb	Matthew Grooms	$serverdeleted = $a_server[$_GET['id']]['name'];
110	9db6993f	jim-p	foreach ($config['system']['authserver'] as $k => $as) {
111	2ee8dea1	Phil Davis	if ($config['system']['authserver'][$k]['name'] == $serverdeleted) {
112	9db6993f	jim-p	unset($config['system']['authserver'][$k]);
113	2ee8dea1	Phil Davis	}
114	9db6993f	jim-p	}
115
116			/* Remove server from temp list used later on this page. */
117	fbf672cb	Matthew Grooms	unset($a_server[$_GET['id']]);
118	9db6993f	jim-p
119	2ee8dea1	Phil Davis	$savemsg = gettext("Authentication Server") . " " . htmlspecialchars($serverdeleted) . " " . gettext("deleted") . "<br />";
120	9db6993f	jim-p	write_config($savemsg);
121	fbf672cb	Matthew Grooms	}
122
123			if ($act == "edit") {
124			if (isset($id) && $a_server[$id]) {
125
126			$pconfig['type'] = $a_server[$id]['type'];
127			$pconfig['name'] = $a_server[$id]['name'];
128
129			if ($pconfig['type'] == "ldap") {
130	fe2031ab	Ermal	$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
131	fbf672cb	Matthew Grooms	$pconfig['ldap_host'] = $a_server[$id]['host'];
132			$pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
133	d6b4dfe3	jim-p	$pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
134	fbf672cb	Matthew Grooms	$pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
135			$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
136			$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
137			$pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn'];
138	c61e4626	Ermal Lu?i	$pconfig['ldap_authcn'] = $a_server[$id]['ldap_authcn'];
139	c7073ebf	namezero111111	$pconfig['ldap_extended_enabled'] = $a_server[$id]['ldap_extended_enabled'];
140			$pconfig['ldap_extended_query'] = $a_server[$id]['ldap_extended_query'];
141	fbf672cb	Matthew Grooms	$pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
142			$pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
143			$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
144			$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
145			$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
146	149efbea	jim-p	$pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];
147	a5cd1c5a	jim-p	$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
148			$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
149	149efbea	jim-p	$pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);
150	fbf672cb	Matthew Grooms
151	2ee8dea1	Phil Davis	if (!$pconfig['ldap_binddn'] \|\| !$pconfig['ldap_bindpw']) {
152	fbf672cb	Matthew Grooms	$pconfig['ldap_anon'] = true;
153	2ee8dea1	Phil Davis	}
154	fbf672cb	Matthew Grooms	}
155
156			if ($pconfig['type'] == "radius") {
157			$pconfig['radius_host'] = $a_server[$id]['host'];
158			$pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
159			$pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
160	e8a58de4	Ermal Lu?i	$pconfig['radius_secret'] = $a_server[$id]['radius_secret'];
161	bddd2be8	jim-p	$pconfig['radius_timeout'] = $a_server[$id]['radius_timeout'];
162	fbf672cb	Matthew Grooms
163			if ($pconfig['radius_auth_port'] &&
164	ac9d8bed	Stephen Beaver	$pconfig['radius_acct_port']) {
165	fbf672cb	Matthew Grooms	$pconfig['radius_srvcs'] = "both";
166			}
167
168	2ee8dea1	Phil Davis	if ($pconfig['radius_auth_port'] &&
169	ac9d8bed	Stephen Beaver	!$pconfig['radius_acct_port']) {
170	fbf672cb	Matthew Grooms	$pconfig['radius_srvcs'] = "auth";
171	acee624f	Ermal Lu?i	$pconfig['radius_acct_port'] = 1813;
172	fbf672cb	Matthew Grooms	}
173
174			if (!$pconfig['radius_auth_port'] &&
175	ac9d8bed	Stephen Beaver	$pconfig['radius_acct_port']) {
176	fbf672cb	Matthew Grooms	$pconfig['radius_srvcs'] = "acct";
177	acee624f	Ermal Lu?i	$pconfig['radius_auth_port'] = 1812;
178	fbf672cb	Matthew Grooms	}
179
180			}
181			}
182			}
183
184			if ($act == "new") {
185			$pconfig['ldap_protver'] = 3;
186			$pconfig['ldap_anon'] = true;
187			$pconfig['radius_srvcs'] = "both";
188	acee624f	Ermal Lu?i	$pconfig['radius_auth_port'] = "1812";
189			$pconfig['radius_acct_port'] = "1813";
190	fbf672cb	Matthew Grooms	}
191
192			if ($_POST) {
193			unset($input_errors);
194			$pconfig = $_POST;
195
196			/* input validation */
197
198			if ($pconfig['type'] == "ldap") {
199	2ee8dea1	Phil Davis	$reqdfields = explode(" ",
200			"name type ldap_host ldap_port " .
201			"ldap_urltype ldap_protver ldap_scope " .
202			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
203	7b4b0ad3	Stephen Beaver
204	257705ca	Renato Botelho	$reqdfieldsn = array(
205			gettext("Descriptive name"),
206			gettext("Type"),
207			gettext("Hostname or IP"),
208			gettext("Port value"),
209			gettext("Transport"),
210			gettext("Protocol version"),
211			gettext("Search level"),
212			gettext("User naming Attribute"),
213			gettext("Group naming Attribute"),
214			gettext("Group member attribute"),
215			gettext("Authentication container"));
216	fbf672cb	Matthew Grooms
217			if (!$pconfig['ldap_anon']) {
218			$reqdfields[] = "ldap_binddn";
219			$reqdfields[] = "ldap_bindpw";
220	257705ca	Renato Botelho	$reqdfieldsn[] = gettext("Bind user DN");
221			$reqdfieldsn[] = gettext("Bind Password");
222	fbf672cb	Matthew Grooms	}
223			}
224
225			if ($pconfig['type'] == "radius") {
226			$reqdfields = explode(" ", "name type radius_host radius_srvcs");
227	257705ca	Renato Botelho	$reqdfieldsn = array(
228			gettext("Descriptive name"),
229			gettext("Type"),
230			gettext("Hostname or IP"),
231			gettext("Services"));
232	fbf672cb	Matthew Grooms
233			if ($pconfig['radisu_srvcs'] == "both" \|\|
234	ac9d8bed	Stephen Beaver	$pconfig['radisu_srvcs'] == "auth") {
235	fbf672cb	Matthew Grooms	$reqdfields[] = "radius_auth_port";
236	81ec3187	Chris Buechler	$reqdfieldsn[] = gettext("Authentication port");
237	fbf672cb	Matthew Grooms	}
238
239			if ($pconfig['radisu_srvcs'] == "both" \|\|
240	ac9d8bed	Stephen Beaver	$pconfig['radisu_srvcs'] == "acct") {
241	fbf672cb	Matthew Grooms	$reqdfields[] = "radius_acct_port";
242	81ec3187	Chris Buechler	$reqdfieldsn[] = gettext("Accounting port");
243	fbf672cb	Matthew Grooms	}
244
245			if (!isset($id)) {
246			$reqdfields[] = "radius_secret";
247	257705ca	Renato Botelho	$reqdfieldsn[] = gettext("Shared Secret");
248	fbf672cb	Matthew Grooms	}
249			}
250
251	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
252	fbf672cb	Matthew Grooms
253	2ee8dea1	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) {
254	fbf672cb	Matthew Grooms	$input_errors[] = gettext("The host name contains invalid characters.");
255	2ee8dea1	Phil Davis	}
256	fbf672cb	Matthew Grooms
257	2ee8dea1	Phil Davis	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
258	257705ca	Renato Botelho	$input_errors[] = gettext("An authentication server with the same name already exists.");
259	2ee8dea1	Phil Davis	}
260	acee624f	Ermal Lu?i
261	d6b4dfe3	jim-p	if (($pconfig['type'] == "ldap") \|\| ($pconfig['type'] == "radius")) {
262			$to_field = "{$pconfig['type']}_timeout";
263			if (isset($_POST[$to_field]) && !empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) \|\| (is_numeric($_POST[$to_field]) && ($_POST[$to_field] <= 0)))) {
264			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
265			}
266	2ee8dea1	Phil Davis	}
267	bddd2be8	jim-p
268	fbf672cb	Matthew Grooms	/* if this is an AJAX caller then handle via JSON */
269			if (isAjax() && is_array($input_errors)) {
270			input_errors2Ajax($input_errors);
271			exit;
272			}
273
274			if (!$input_errors) {
275			$server = array();
276			$server['refid'] = uniqid();
277	2ee8dea1	Phil Davis	if (isset($id) && $a_server[$id]) {
278	fbf672cb	Matthew Grooms	$server = $a_server[$id];
279	2ee8dea1	Phil Davis	}
280	fbf672cb	Matthew Grooms
281			$server['type'] = $pconfig['type'];
282			$server['name'] = $pconfig['name'];
283
284			if ($server['type'] == "ldap") {
285
286	2ee8dea1	Phil Davis	if (!empty($pconfig['ldap_caref'])) {
287	fe2031ab	Ermal	$server['ldap_caref'] = $pconfig['ldap_caref'];
288	2ee8dea1	Phil Davis	}
289	fbf672cb	Matthew Grooms	$server['host'] = $pconfig['ldap_host'];
290			$server['ldap_port'] = $pconfig['ldap_port'];
291			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
292			$server['ldap_protver'] = $pconfig['ldap_protver'];
293			$server['ldap_scope'] = $pconfig['ldap_scope'];
294			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
295	c61e4626	Ermal Lu?i	$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
296	c7073ebf	namezero111111	$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
297			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
298	fbf672cb	Matthew Grooms	$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
299			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
300			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
301	149efbea	jim-p
302			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
303
304	2ee8dea1	Phil Davis	if ($pconfig['ldap_utf8'] == "yes") {
305	a5cd1c5a	jim-p	$server['ldap_utf8'] = true;
306	2ee8dea1	Phil Davis	} else {
307	a5cd1c5a	jim-p	unset($server['ldap_utf8']);
308	2ee8dea1	Phil Davis	}
309			if ($pconfig['ldap_nostrip_at'] == "yes") {
310	a5cd1c5a	jim-p	$server['ldap_nostrip_at'] = true;
311	2ee8dea1	Phil Davis	} else {
312	a5cd1c5a	jim-p	unset($server['ldap_nostrip_at']);
313	2ee8dea1	Phil Davis	}
314	149efbea	jim-p	if ($pconfig['ldap_rfc2307'] == "yes") {
315			$server['ldap_rfc2307'] = true;
316			} else {
317			unset($server['ldap_rfc2307']);
318			}
319	a5cd1c5a	jim-p
320	fbf672cb	Matthew Grooms
321			if (!$pconfig['ldap_anon']) {
322			$server['ldap_binddn'] = $pconfig['ldap_binddn'];
323			$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
324			} else {
325			unset($server['ldap_binddn']);
326			unset($server['ldap_bindpw']);
327			}
328	d6b4dfe3	jim-p
329			if ($pconfig['ldap_timeout']) {
330			$server['ldap_timeout'] = $pconfig['ldap_timeout'];
331			} else {
332			$server['ldap_timeout'] = 25;
333			}
334	fbf672cb	Matthew Grooms	}
335
336			if ($server['type'] == "radius") {
337
338			$server['host'] = $pconfig['radius_host'];
339
340	2ee8dea1	Phil Davis	if ($pconfig['radius_secret']) {
341	fbf672cb	Matthew Grooms	$server['radius_secret'] = $pconfig['radius_secret'];
342	2ee8dea1	Phil Davis	}
343	fbf672cb	Matthew Grooms
344	2ee8dea1	Phil Davis	if ($pconfig['radius_timeout']) {
345	bddd2be8	jim-p	$server['radius_timeout'] = $pconfig['radius_timeout'];
346	2ee8dea1	Phil Davis	} else {
347	afdf29d3	jim-p	$server['radius_timeout'] = 5;
348	2ee8dea1	Phil Davis	}
349	bddd2be8	jim-p
350	fbf672cb	Matthew Grooms	if ($pconfig['radius_srvcs'] == "both") {
351			$server['radius_auth_port'] = $pconfig['radius_auth_port'];
352			$server['radius_acct_port'] = $pconfig['radius_acct_port'];
353			}
354
355			if ($pconfig['radius_srvcs'] == "auth") {
356			$server['radius_auth_port'] = $pconfig['radius_auth_port'];
357			unset($server['radius_acct_port']);
358			}
359
360			if ($pconfig['radius_srvcs'] == "acct") {
361			$server['radius_acct_port'] = $pconfig['radius_acct_port'];
362			unset($server['radius_auth_port']);
363			}
364			}
365
366	2ee8dea1	Phil Davis	if (isset($id) && $config['system']['authserver'][$id]) {
367	6306b5dd	Ermal Lu?i	$config['system']['authserver'][$id] = $server;
368	2ee8dea1	Phil Davis	} else {
369	6306b5dd	Ermal Lu?i	$config['system']['authserver'][] = $server;
370	2ee8dea1	Phil Davis	}
371	fbf672cb	Matthew Grooms
372			write_config();
373
374			pfSenseHeader("system_authservers.php");
375			}
376			}
377
378	1d3259b5	Stephen Beaver	// On error, restore the form contents so the user doesn't have to re-enter too much
379	504bd882	Stephen Beaver	if($_POST && $input_errors) {
380			$pconfig = $_POST;
381			$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
382	b1f0f7e1	Stephen Beaver	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
383	504bd882	Stephen Beaver	}
384
385	fbf672cb	Matthew Grooms	include("head.inc");
386
387	a0165602	Sjon Hortensius	if ($input_errors)
388			print_input_errors($input_errors);
389	7b4b0ad3	Stephen Beaver
390	a0165602	Sjon Hortensius	if ($savemsg)
391	ea342b0f	Stephen Beaver	print_info_box($savemsg, 'success');
392	a0165602	Sjon Hortensius
393			$tab_array = array();
394			$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
395			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
396			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
397			$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
398			display_top_tabs($tab_array);
399
400			if (!($act == "new" \|\| $act == "edit" \|\| $input_errors))
401			{
402			?>
403	94404d94	Sander van Leeuwen	<div class="table-responsive">
404			<table class="table table-striped table-hover">
405			<thead>
406			<tr>
407			<th><?=gettext("Server Name")?></th>
408			<th><?=gettext("Type")?></th>
409			<th><?=gettext("Host Name")?></th>
410	782922c2	Stephen Beaver	<th><?=gettext("Actions")?></th>
411	94404d94	Sander van Leeuwen	</tr>
412			</thead>
413			<tbody>
414			<?php foreach($a_server as $i => $server): ?>
415			<tr>
416			<td><?=htmlspecialchars($server['name'])?></td>
417			<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
418			<td><?=htmlspecialchars($server['host'])?></td>
419			<td>
420			<?php if ($i < (count($a_server) - 1)): ?>
421	f9dd6a4b	heper	<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&id=<?=$i?>"></a>
422	33f0b0d5	Stephen Beaver	<a class="fa fa-trash" title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&id=<?=$i?>"></a>
423	94404d94	Sander van Leeuwen	<?php endif?>
424			</td>
425			</tr>
426			<?php endforeach; ?>
427			</tbody>
428			</table>
429			</div>
430
431	c10cb196	Stephen Beaver	<nav class="action-buttons">
432	782922c2	Stephen Beaver	<a href="?act=new" class="btn btn-success btn-sm">
433	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
434	782922c2	Stephen Beaver	<?=gettext("Add")?>
435			</a>
436	94404d94	Sander van Leeuwen	</nav>
437	fbf672cb	Matthew Grooms	<?php
438	a0165602	Sjon Hortensius	include("foot.inc");
439			exit;
440	fbf672cb	Matthew Grooms	}
441
442	ad2879b8	PiBa-NL	require_once('classes/Form.class.php');
443	a0165602	Sjon Hortensius	$form = new Form;
444			$form->setAction('system_authservers.php?act=edit');
445	ea342b0f	Stephen Beaver
446	a0165602	Sjon Hortensius	$form->addGlobal(new Form_Input(
447			'userid',
448			null,
449			'hidden',
450			$id
451			));
452
453			$section = new Form_Section('Server settings');
454
455			$section->addInput($input = new Form_Input(
456			'name',
457			'Descriptive name',
458			'text',
459			$pconfig['name']
460			));
461
462			$section->addInput($input = new Form_Select(
463			'type',
464			'Type',
465			$pconfig['type'],
466			$auth_server_types
467	44d906ca	Sjon Hortensius	))->toggles();
468	a0165602	Sjon Hortensius
469			$form->add($section);
470	6157f724	Stephen Beaver
471			// ==== LDAP settings =========================================================
472	a0165602	Sjon Hortensius	$section = new Form_Section('LDAP Server Settings');
473	44d906ca	Sjon Hortensius	$section->addClass('toggle-ldap collapse');
474	a0165602	Sjon Hortensius
475			if (!isset($pconfig['type']) \|\| $pconfig['type'] == 'ldap')
476			$section->addClass('in');
477
478			$section->addInput(new Form_Input(
479			'ldap_host',
480			'Hostname or IP address',
481			'text',
482			$pconfig['ldap_host']
483			))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
484	5585e65d	Chris Buechler	'(CN) of the LDAP server\'s SSL Certificate.');
485	a0165602	Sjon Hortensius
486			$section->addInput(new Form_Input(
487			'ldap_port',
488			'Port value',
489			'number',
490			$pconfig['ldap_port']
491			));
492
493			$section->addInput(new Form_Select(
494			'ldap_urltype',
495			'Transport',
496			$pconfig['ldap_urltype'],
497			array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
498			));
499
500			if (empty($a_ca))
501			{
502			$section->addInput(new Form_StaticText(
503			'Peer Certificate Authority',
504			'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System > Cert Manager</a>.'
505			));
506	fbf672cb	Matthew Grooms	}
507	a0165602	Sjon Hortensius	else
508			{
509			$ldapCaRef = [];
510			foreach ($a_ca as $ca)
511			$ldapCaRef[ $ca['refid'] ] = $ca['descr'];
512
513			$section->addInput(new Form_Select(
514			'ldap_caref',
515			'Peer Certificate Authority',
516			$pconfig['ldap_caref'],
517			$ldapCaRef
518			))->setHelp('This option is used if \'SSL Encrypted\' option is choosen. '.
519			'It must match with the CA in the AD otherwise problems will arise.');
520	fbf672cb	Matthew Grooms	}
521
522	a0165602	Sjon Hortensius	$section->addInput(new Form_Select(
523			'ldap_protver',
524			'Protocol version',
525			$pconfig['ldap_protver'],
526			array_combine($ldap_protvers, $ldap_protvers)
527			));
528
529	d6b4dfe3	jim-p	$section->addInput(new Form_Input(
530			'ldap_timeout',
531			'Server Timeout',
532			'number',
533			$pconfig['ldap_timeout'],
534			['placeholder' => 25]
535			))->setHelp('Timeout for LDAP operations (seconds)');
536
537	905f6119	Stephen Beaver	$group = new Form_Group('Search scope');
538
539	c84db5bb	Stephen Beaver	$SSF = new Form_Select(
540	a0165602	Sjon Hortensius	'ldap_scope',
541	c84db5bb	Stephen Beaver	'Level',
542	a0165602	Sjon Hortensius	$pconfig['ldap_scope'],
543			$ldap_scopes
544	c84db5bb	Stephen Beaver	);
545	df8fca9d	Stephen Beaver
546	c84db5bb	Stephen Beaver	$SSB = new Form_Input(
547	a0165602	Sjon Hortensius	'ldap_basedn',
548			'Base DN',
549			'text',
550			$pconfig['ldap_basedn']
551	c84db5bb	Stephen Beaver	);
552	905f6119	Stephen Beaver
553	c84db5bb	Stephen Beaver
554			$section->addInput(new Form_StaticText(
555			'Search scope',
556			'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
557			));
558	a0165602	Sjon Hortensius
559			$group = new Form_Group('Authentication containers');
560			$group->add(new Form_Input(
561			'ldapauthcontainers',
562			'Containers',
563			'text',
564			$pconfig['ldap_authcn']
565			))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
566			'base dn above or you can specify full container path containing a dc= '.
567			'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');
568	504bd882	Stephen Beaver
569	a0165602	Sjon Hortensius	$group->add(new Form_Button(
570			'Select',
571	501efbd2	Stephen Beaver	'Select a container'
572			))->removeClass('btn-primary')->addClass('btn-default');
573
574	a0165602	Sjon Hortensius	$section->add($group);
575
576	2e101d89	Sander van Leeuwen	$section->addInput(new Form_Checkbox(
577	a0165602	Sjon Hortensius	'ldap_extended_enabled',
578	2e101d89	Sander van Leeuwen	'Extended query',
579			'Enable extended query',
580	a0165602	Sjon Hortensius	$pconfig['ldap_extended_enabled']
581	e39a41e9	Stephen Beaver	));
582	a0165602	Sjon Hortensius
583	2e101d89	Sander van Leeuwen	$group = new Form_Group('Query');
584	e39a41e9	Stephen Beaver	$group->addClass('extended');
585
586	a0165602	Sjon Hortensius	$group->add(new Form_Input(
587			'ldap_extended_query',
588	2e101d89	Sander van Leeuwen	'Query',
589	a0165602	Sjon Hortensius	'text',
590			$pconfig['ldap_extended_query']
591	2e101d89	Sander van Leeuwen	))->setHelp('Example: &(objectClass=inetOrgPerson)(mail=*@example.com)');
592
593	a0165602	Sjon Hortensius	$section->add($group);
594
595			$section->addInput(new Form_Checkbox(
596			'ldap_anon',
597			'Bind anonymous',
598			'Use anonymous binds to resolve distinguished names',
599			$pconfig['ldap_anon']
600	b0909f2e	Stephen Beaver	));
601	a0165602	Sjon Hortensius
602			$group = new Form_Group('Bind credentials');
603	b0909f2e	Stephen Beaver	$group->addClass('ldapanon');
604
605	a0165602	Sjon Hortensius	$group->add(new Form_Input(
606			'ldap_binddn',
607			'User DN:',
608			'text',
609			$pconfig['ldap_binddn']
610			));
611	b0909f2e	Stephen Beaver
612	a0165602	Sjon Hortensius	$group->add(new Form_Input(
613			'ldap_bindpw',
614			'Password',
615			'text',
616			$pconfig['ldap_bindpw']
617			));
618			$section->add($group);
619
620	ac9d8bed	Stephen Beaver	if (!isset($id)) {
621			$template_list = array();
622
623			foreach($ldap_templates as $option => $template) {
624			$template_list[$option] = $template['desc'];
625			}
626	a0165602	Sjon Hortensius
627			$section->addInput(new Form_Select(
628			'ldap_tmpltype',
629			'Initial Template',
630			$pconfig['ldap_template'],
631	ac9d8bed	Stephen Beaver	$template_list
632	a0165602	Sjon Hortensius	));
633	fbf672cb	Matthew Grooms	}
634
635	a0165602	Sjon Hortensius	$section->addInput(new Form_Input(
636			'ldap_attr_user',
637			'User naming attribute',
638			'text',
639			$pconfig['ldap_attr_user']
640			));
641
642			$section->addInput(new Form_Input(
643			'ldap_attr_group',
644			'Group naming attribute',
645			'text',
646			$pconfig['ldap_attr_group']
647			));
648
649			$section->addInput(new Form_Input(
650			'ldap_attr_member',
651			'Group member attribute',
652			'text',
653			$pconfig['ldap_attr_member']
654			));
655
656	149efbea	jim-p	$section->addInput(new Form_Checkbox(
657			'ldap_rfc2307',
658			'RFC 2307 Groups',
659			'LDAP Server uses RFC 2307 style group membership',
660			$pconfig['ldap_rfc2307']
661			))->setHelp('RFC 2307 style group membership has members listed on the group '.
662			'object rather than using groups listed on user object. Leave unchecked '.
663			'for Active Directory style group membership (RFC 2307bis).');
664
665			$section->addInput(new Form_Input(
666			'ldap_attr_groupobj',
667			'Group Object Class',
668			'text',
669			$pconfig['ldap_attr_groupobj'],
670			['placeholder' => 'posixGroup']
671			))->setHelp('Object class used for groups in RFC2307 mode. '.
672			'Typically "posixGroup" or "group".');
673
674	a0165602	Sjon Hortensius	$section->addInput(new Form_Checkbox(
675			'ldap_utf8',
676			'UTF8 Encode',
677			'UTF8 encode LDAP parameters before sending them to the server.',
678			$pconfig['ldap_utf8']
679			))->setHelp('Required to support international characters, but may not be '.
680			'supported by every LDAP server.');
681
682			$section->addInput(new Form_Checkbox(
683			'ldap_nostrip_at',
684			'Username Alterations',
685			'Do not strip away parts of the username after the @ symbol',
686			$pconfig['ldap_nostrip_at']
687			))->setHelp('e.g. user@host becomes user when unchecked.');
688
689			$form->add($section);
690	6157f724	Stephen Beaver
691			// ==== RADIUS section ========================================================
692	a0165602	Sjon Hortensius	$section = new Form_Section('Radius Server Settings');
693	44d906ca	Sjon Hortensius	$section->addClass('toggle-radius collapse');
694	a0165602	Sjon Hortensius
695			$section->addInput(new Form_Input(
696			'radius_host',
697			'Hostname or IP address',
698			'text',
699			$pconfig['radius_host']
700			));
701
702			$section->addInput(new Form_Input(
703			'radius_secret',
704			'Shared Secret',
705			'text',
706			$pconfig['radius_secret']
707			));
708
709			$section->addInput(new Form_Select(
710			'radius_srvcs',
711			'Services offered',
712			$pconfig['radius_srvcs'],
713			$radius_srvcs
714			));
715
716			$section->addInput(new Form_Input(
717			'radius_auth_port',
718	81ec3187	Chris Buechler	'Authentication port',
719	a0165602	Sjon Hortensius	'number',
720	df5d8616	Stephen Beaver	$pconfig['radius_auth_port']
721	a0165602	Sjon Hortensius	));
722
723			$section->addInput(new Form_Input(
724			'radius_acct_port',
725	df5d8616	Stephen Beaver	'Accounting port',
726	a0165602	Sjon Hortensius	'number',
727			$pconfig['radius_acct_port']
728			));
729
730			$section->addInput(new Form_Input(
731			'radius_timeout',
732			'Authentication Timeout',
733			'number',
734			$pconfig['radius_timeout']
735			))->setHelp('This value controls how long, in seconds, that the RADIUS '.
736			'server may take to respond to an authentication request. If left blank, the '.
737			'default value is 5 seconds. NOTE: If you are using an interactive two-factor '.
738			'authentication system, increase this timeout to account for how long it will '.
739			'take the user to receive and enter a token.');
740
741			if (isset($id) && $a_server[$id])
742			{
743			$section->addInput(new Form_Input(
744			'id',
745			null,
746			'hidden',
747			$id
748			));
749	6306b5dd	Ermal Lu?i	}
750	a0165602	Sjon Hortensius
751			$form->add($section);
752			print $form;
753	ac9d8bed	Stephen Beaver	?>
754			<script>
755			//<![CDATA[
756			events.push(function(){
757	501efbd2	Stephen Beaver	function select_clicked() {
758			if (document.getElementById("ldap_port").value == '' \|\|
759	7b4b0ad3	Stephen Beaver	document.getElementById("ldap_host").value == '' \|\|
760			document.getElementById("ldap_scope").value == '' \|\|
761			document.getElementById("ldap_basedn").value == '' \|\|
762			document.getElementById("ldapauthcontainers").value == '') {
763	501efbd2	Stephen Beaver	alert("<?=gettext("Please fill the required values.");?>");
764			return;
765			}
766	7b4b0ad3	Stephen Beaver
767	501efbd2	Stephen Beaver	if (!document.getElementById("ldap_anon").checked) {
768			if (document.getElementById("ldap_binddn").value == '' \|\|
769	7b4b0ad3	Stephen Beaver	document.getElementById("ldap_bindpw").value == '') {
770	501efbd2	Stephen Beaver	alert("<?=gettext("Please fill the bind username/password.");?>");
771			return;
772			}
773			}
774			var url = 'system_usermanager_settings_ldapacpicker.php?';
775			url += 'port=' + document.getElementById("ldap_port").value;
776			url += '&host=' + document.getElementById("ldap_host").value;
777			url += '&scope=' + document.getElementById("ldap_scope").value;
778			url += '&basedn=' + document.getElementById("ldap_basedn").value;
779			url += '&binddn=' + document.getElementById("ldap_binddn").value;
780			url += '&bindpw=' + document.getElementById("ldap_bindpw").value;
781			url += '&urltype=' + document.getElementById("ldap_urltype").value;
782			url += '&proto=' + document.getElementById("ldap_protver").value;
783			url += '&authcn=' + document.getElementById("ldapauthcontainers").value;
784			<?php if (count($a_ca) > 0): ?>
785			url += '&cert=' + document.getElementById("ldap_caref").value;
786			<?php else: ?>
787			url += '&cert=';
788			<?php endif; ?>
789	7b4b0ad3	Stephen Beaver
790	501efbd2	Stephen Beaver	var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
791			if (oWin == null \|\| typeof(oWin) == "undefined") {
792	7b4b0ad3	Stephen Beaver	alert("<?=gettext('Popup blocker detected. Action aborted.');?>");
793	501efbd2	Stephen Beaver	}
794			}
795	7b4b0ad3	Stephen Beaver
796	f3a43095	Stephen Beaver	function set_ldap_port() {
797	7b4b0ad3	Stephen Beaver	if($('#ldap_urltype').find(":selected").index() == 0)
798	f3a43095	Stephen Beaver	$('#ldap_port').val('389');
799			else
800	7b4b0ad3	Stephen Beaver	$('#ldap_port').val('636');
801			}
802
803			// Hides all elements of the specified class. This will usually be a section
804			function hideClass(s_class, hide) {
805			if(hide)
806			$('.' + s_class).hide();
807			else
808			$('.' + s_class).show();
809	f3a43095	Stephen Beaver	}
810	7b4b0ad3	Stephen Beaver
811	ac9d8bed	Stephen Beaver	function ldap_tmplchange() {
812			switch ($('#ldap_tmpltype').find(":selected").index()) {
813			<?php
814			$index = 0;
815			foreach ($ldap_templates as $tmpldata):
816			?>
817			case <?=$index;?>:
818			$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
819			$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
820			$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
821			break;
822			<?php
823			$index++;
824			endforeach;
825			?>
826			}
827			}
828	a0165602	Sjon Hortensius
829	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
830	782922c2	Stephen Beaver
831	c4302457	Stephen Beaver	<?php if ($act != 'edit') : ?>
832	ac9d8bed	Stephen Beaver	ldap_tmplchange();
833	c4302457	Stephen Beaver	<?php endif; ?>
834
835	b0909f2e	Stephen Beaver	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
836	501efbd2	Stephen Beaver	$("#Select").prop('type','button');
837	e39a41e9	Stephen Beaver	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));
838	7b4b0ad3	Stephen Beaver
839	f3a43095	Stephen Beaver	if($('#ldap_port').val() == "")
840			set_ldap_port();
841	ac9d8bed	Stephen Beaver
842	ea342b0f	Stephen Beaver	<?php
843			if($act == 'edit') {
844			?>
845	6157f724	Stephen Beaver	$('#type option:not(:selected)').each(function(){
846	7b4b0ad3	Stephen Beaver	$(this).attr('disabled', 'disabled');
847	6157f724	Stephen Beaver	});
848	7b4b0ad3	Stephen Beaver
849	2138c41b	Stephen Beaver	<?php
850			if(!$input_errors) {
851	7b4b0ad3	Stephen Beaver	?>
852	6157f724	Stephen Beaver	$('#name').prop("readonly", true);
853	ea342b0f	Stephen Beaver	<?php
854	2138c41b	Stephen Beaver	}
855	ea342b0f	Stephen Beaver	}
856			?>
857	eef93144	Jared Dillard	// ---------- Click checkbox handlers ---------------------------------------------------------
858	782922c2	Stephen Beaver
859	ac9d8bed	Stephen Beaver	$('#ldap_tmpltype').on('change', function() {
860			ldap_tmplchange();
861			});
862	b0909f2e	Stephen Beaver
863	7b4b0ad3	Stephen Beaver	$('#ldap_anon').click(function () {
864			hideClass('ldapanon', this.checked);
865			});
866
867	f3a43095	Stephen Beaver	$('#ldap_urltype').on('change', function() {
868			set_ldap_port();
869	7b4b0ad3	Stephen Beaver	});
870
871			$('#Select').click(function () {
872			select_clicked();
873			});
874	504bd882	Stephen Beaver
875	e39a41e9	Stephen Beaver	$('#ldap_extended_enabled').click(function () {
876			hideClass('extended', !this.checked);
877			});
878	504bd882	Stephen Beaver
879	ac9d8bed	Stephen Beaver	});
880			//]]>
881			</script>
882			<?php
883	81ec3187	Chris Buechler	include("foot.inc");

Project

General

Profile

pfSense